Posted by timothy on Tuesday December 21, 2010 @07:44PM from the wanna-go-for-a-ride-neighbor? dept.

wiredmikey writes "Another good reason to make sure your wireless is secured! 'Barry Vincent Ardolf of Blaine, Minnesota pleaded guilty to hacking into his neighbor's wireless Internet system and posing as the neighbor to make threats to kill the Vice President of the United States. Just two days into his federal trial in St. Paul, Ardolf stopped the trial to plead guilty. According to the US Department of Justice, in his plea agreement, Ardolf, 45 years-old, was indicted on June 23, 2010, admitted that in February of 2009, he hacked into his neighbor's wireless Internet connection and created multiple Yahoo.com email accounts in his neighbor's name.'" Ardolf's guilty plea included child porn possession, as well as the death threats.

He might have gotten away with it too, if instead he used the connection to download and share heaps of music, and then sent an anonymous tip to the RIAA. That would have put his neighbour in court quick smart. From what I've heard, lack of evidence means little to the RIAA.

The article is rather sparse on details, but what interests me is that Ardolf didn't succeed in his "this'll get the dude in trouble" plan; what led the police to believe that the access point had been 'hacked'? What security was used, for that matter? Were there logs?

The guilty plea certainly makes it seem like this is a case where computer fraud was handled correctly by the system, and since the courts often seem to make the mistake that 'IP address == person' it'd be good to see how they went about distinguishing the actual criminal from the victim here.

They would have gotten the guy who owns the net connection's PC and gone to town, found it clean of any corroborating evidence and then gone looking for neighbours who might have been using it (since it would have been a regular thing over time). Cross reference which neighbours don't have their own net connections with a motive (who had a grudge against him).

Easier to narrow down the field of who would do it by motive, of course once it was established it was a frame up.

Police still don't think technically, they stick to police work and leave the dissecting of evidence to professionals. They would have thought, "The crime was done via computer, so let's get a warrant to search for and seize his computer stuff" then they get someone else to go through that, to find the evidence that ties the person to the crime. Finding none they would have gone searching for a motive.

The problems arise when technology forms the core of the case, rather than just being evidence

The article is rather sparse on details, but what interests me is that Ardolf didn't succeed in his "this'll get the dude in trouble" plan; what led the police to believe that the access point had been 'hacked'? What security was used, for that matter? Were there logs?

Chances are it was wide open, no security. The guy does not sound bright enough to have even hacked WEP, let alone anything stronger.

With that fact in hand, and finding no evidence that the neighbor had any knowledge or ill intent, your circle of suspects is limited to what you can measure with a standard hardware store carpenter's tape measure.

This last week stealing wifi [michiananewschannel.com] was front page news.

This past week Officer Keith Kirk, during the middle of the day caught and arrested a subject standing in an alley behind a local business, with residential housing on the other side of the alley, holding his laptop in one hand and self-gratifying himself in public. The person had connected his computer to the internet through the connection that the local business he was standing next to offers to their customers. This subject has been charged with multiple felony charges and his computer has been seized

The guilty plea certainly makes it seem like this is a case where computer fraud was handled correctly by the system

Don't be so quick. Many innocent people plead guilty because they've been poorly advised by a public defender. A plea of guilty doesn't mean the person was guilty. It means that a deal was offered and the suspect had no faith in his defense at trial.

Where does it say he had a public defender?

He'd refused a more favorable plea deal last summer, insisting on fighting the government's case against him. But after two days of trial -- including Thursday's testimony from expert witnesses who showed the elaborate means Ardolf used to harass and smear neighbors who'd once called the police on him -- he stopped denying what he had done. "The reality of it became apparent to him that this was going to happen and he didn't want to perpetuate his own distress or the pain for the victims," Ardolf's lawyer, Seamus Mahoney, said Friday. Vengeful neighbor in Blaine pleads to Biden threat, hacking [startribune.com]

Seamus Mahoney [seamusmahoney.com] is a criminal defense attorney with a state-wide practice in Minnesota.

If the actual perpetrator of the crime had stopped a little sooner, after his neighbours had been accused and prior to their lawyers assisting them with a private investigator (note the police had already defined their guilt

Minneapolis Star Tribune http://www.startribune.com/ [startribune.com] had several stories, which you can find by searching for "Ardolf". Good stories, although not too technical.

The victim, Matt Kostolnik, worked in a law firm, and Ardolf sent messages to the firm. The law firm hired an investigator to figure out what was going on. The investigator tracked Kostolnik's wireless traffic, and fingered Ardolf. Then they sent the cops with a search warrant to Ardolf's house, which produced even more incriminating evidence.

Ardolf turned down a plea bargain on the identity theft charges alone, so they added the child porn charges and went to trial. When he saw the evidence against him, he gave up and pled guilty.

I can remember a handful of cases like this where the victim got out of it because they managed to catch the real criminal. (Wasn't there one recently in England?) I wonder how many cases there were where the innocent victim got convicted.

In criminal matters, law enforcement knows full well that an IP address is not a unique identifier. There are countless cases where a computer is shared among multiple people or an access point is "borrowed" to obtain illicit material. You can't really get a conviction with just evidence that illicit material was sent to a particular IP address; the defendant's lawyers will have a field day with that. You need real corroborating evidence, like files on the guy's computer.

You are correct. If someone during a police investigation pleaded guilty and then later retracted the plea, what do you think he would say? I'm sure it wouldn't be "Well, the police were very nice and all, and I did plea, but now that I think of it, I'll change my mind". Of course he will say he was pressured. And in a way he is correct: Part of the job of a police investigator is to pressure the suspect into pleading guilty. They usually do it to people who they think actually did do the crime. Now, I am not

The guilty plea certainly makes it seem like this is a case where computer fraud was handled correctly by the system

Unfortunately in the US's legal system many innocent people are forced to plead guilty by threats of excess punishment. When you don't have evidence to prove your innocence pleading guilty is sometimes the wise choice.

You don't need evidence to prove you're innocent. You'd only plead guilty if the prosecution had strong evidence of your guilt, plus you were actually guilty.

I recently moved to a new apartment, my connection wasn't that great and I was having problems with my router. I used WEP to make it "light" to the router to deal with security and due to some backward compatibility I needed for some devices at home.

When I thought my router was having problems, I bought a new one, only to realize through logs that my lovely neighbor broke into my network and was torrenting and stressing my router, my connection and most likely downloading illegal stuff.

MAC filtering will stop a kiddie for all of 3 seconds. WEP for 45 seconds. WPA (with a PSK) with a short password (8 characters) for a few minutes or hours based on complexity and/or computing power. The best thing you can do is to use WPA2 with a long random password full of special characters. Even then you're open to a bruteforce attack. When I'm on wifi, I just assume everything I do is being monitored (lemme adjust my tinfoil hat), if there's anything critical that I need to do, I do it plugged

Here's an idea. Get a Linux based router (I have a Linksys with DD-WRT) and use it to muck with any connections coming from his MAC address. You could block all his Bittorrent connections and redirect his HTTP connections somewhere else (such as a rickroll or goatse). Do this long enough to annoy the heck out of him and then block him completely using a higher grade encryption (such as WPA2) and/or MAC filtering.

If he doesn't have a large number of devices, AND he doesn't add new devices with any frequency, then adding a few addresses to a MAC list isn't a bad idea. Unless the neighbor knows what MAC to spoof, he won't get on.

It by no means is a great or even good security practice, but in certain situations, it isn't that horrible.

If he doesn't have a large number of devices, AND he doesn't add new devices with any frequency, then adding a few addresses to a MAC list isn't a bad idea.

The problem is that the scenario involves a neighbor who has gone through the effort of breaking WEP; anyone using the tools to break WEP already has the tools available to see the MAC addresses of whitelisted clients, and thus can just spoof a valid MAC address.

If BitTorrent never works then it is obvious that it is blocked. If you slow it down to something ridiculously measly, such as a few kb/s, and eventually disconnect at random intervals, it is much more annoying for the neighbor and hence funnier that way.

Same goes for HTTP redirects. Make them only happen every 50 pages or something. If you have a fair bit of time on your hands then injecting fake news articles onto their favorite news site could be interesting.

WPA2 is where you want to be. I had a laptop with a mini-pci network adapter built in that was old enough that it didn't support anything but WEP. 8 bucks got me a replacement card from Amazon, which did WPA2.

Well, the parent did say he needed backwards compatibility. Most, if not all, routers purchased these days will walk a user through securing a WiFi router. Generally, it's WPA2 TKIP or AES. What usually ends up happening is when one of the devices won't connect at which point they will contact tech support and be informed to step-down the security. If the user is really clueless, they would have talked to both the device and router vendor for further guidance on how to do all that.

I certainly read quite often about that. I had an old windows smartphone with no WPA support (I recently changed my phone so I was able to upgrade my security).

My point is, does that mean that if I get to crack the WPA security of my neighbors, I should just do whatever I want on their network, including illegal attacks and downloading illegal content, and well "Bad luck I manage to crack your security and screwup your life"?

That's exactly my point. You think you're the smartest guy because you're stealing your neighbor's BW? You can be as smart as you want, but if you pick my lock, and try to get into my place when I'm in, in my defense I can shoot your head with my gun.

Then again, I check my network and see something abusive. I don't care if a person uses my network (I used to leave it open - as a grad student you realize that some people just don't have the money to pay for a freaking network connection). What I don't like

MAC filtering is a waste of time. MAC addresses can easily be changed to match one of your existing addresses. And you're already broadcasting your existing devices. Guess what one of the first things attack tools do when they're having trouble getting a response from the AP?

Changing the MAC address of a device means you give up any excuse that you got onto someone's WiFi connection by accident. So when I call the cops, you are in serious trouble. The good thing about WiFi hacking is that you have to be nearby. Which means I'll find you. And I'm not mad enough to knock on your door myself.

You think that the dude hit Google to find what he considered good child porn. I have no clue what that would be since I consider it all to be bad. Also, CP is such a common thing to plant these days. He needs to step up his game.

Also, did the guy hack it, or just get access to it since it was left without proper security, as I would not consider it "hacking" to access the neighbor's wireless.

Furthermore, I am one of the people that believe that people should understand the technology they use, or

Unsecured doesn't imply incompetent - there are people who happily leave a public WiFi connection to the net which is securely isolated from their internal network. Hell, there are businesses [fon.com] built on exactly that premise.

Unsecured doesn't imply incompetent - there are people who happily leave a public WiFi connection to the net which is securely isolated from their internal network.

In fact, if you intend doing anything online which might raise the ire of authorities, "securing" your WiFi is actually quite foolish. What you are effectively doing is removing a reasonable doubt that activity over the connection is your activity.

The geek's notions of "reasonable doubt" will most likely land him in the slammer.

IAAL.

But do note, I'm not saying that simply leaving your connection unsecured will keep you out of the slammer. I'm saying that securing your connection will give us (lawyers) one less handle to work with.

"Good child porn", if not oxymoronic, is probably not hard to find. Once I saw a Wikileaks story on the "secret" blacklist of websites that Norway was firewalling. Somehow the list got out to Wikileaks, and all the URLs were published there as links. I clicked on a random one from the list, thinking "he he he, this wouldn't work if I were in Norway." Except the site was kind of gross so I clicked Back and tried another one. That was gross too... I started to think, hmmm, I can see why these sites pissed off

Also, did the guy hack it, or just get access to it since it was left without proper security, as I would not consider it "hacking" to access the neighbor's wireless.

I wouldn't consider taking a car with the keys left in it "theft", but go figure - the law disagrees ;) Just because it's easy to attach to someone's unsecured network doesn't mean doing so is acceptable -- the wrongdoer is the one making the connection, not the one who fails to make such activity challenging enough to deter the would-be perpetrator.

If leaving keys in your car was the local custom for implicitly letting people know that it was ok to use the car, then it would not be stealing. While some people don't expect someone else to connect to their router, leaving a router without a password IS the standard practice for telling people it is ok to use the router. Every router comes with a way to indicate that you don't want someone to use it without permission.

If you want a car theft analogy, you would need to have a society where lots of people,

He worked for Medtronic [citypages.com], which is a huge recipient of healthcare funding for unnecessary surgeries for old people. So, in a sense, yes, he was being indirectly paid by the US government as he tried to frame his neighbor as being anti-government-spending. I'd say that qualifies as promoting a product.

Death threats against the vice president, breaking into his neighbor's wireless... But no, he didn't stop there. Child porn.

Read deeper.

Think before another knee-jerk mod-up:

It began in August 2008, when Ardolf's new neighbors called Blaine police to report a creepy encounter. Ardolf, they told police, had picked up their 4-year-old son and kissed him. After that, Matt and Bethany Kostolnik said, they intended to just keep their distance from him.

Seems like just the opposite to me - a good reason to leave your wireless open. Plausible deniability.

"Would use of those Yahoo accounts be traceable through forensic analysis of the computer that accessed it?"
"yes"
"And was any found on my computer?"
"no"
"And were all computers that had access to this wireless router analyzed?"
"no"

I'm not convinced of that. You're correct if the end user is semi-competent, but incorrect if the end user is an idiot. After all, the security system likely has an "off" switch somewhere (physical or otherwise). A security system cannot "do its job despite the actions of the end user" if the action of the end user is to turn the damn thing off, because they can't figure out how to make it work.

Connecting to a wireless router usually means obtaining IP settings via DHCP. In the process, the MAC address of your network adapter (which is supposed to be unique) will be recorded on the router, at least for some period of time. Therefore, if you want to connect without leaving an obvious fingerprint pointing back to your computer, first modify the MAC address that your network card is putting out. On Windows machines, drivers often provide a way to specify your MAC address under the "advanced properties" of the adapter. On my Intel network adapter, for example, the setting is listed as "Locally Administered Address", and is undefined by default.

You might even spoof a specific make of network adapter by choosing an "Organizationally Unique Identifier" from the OUI Public Listing [ieee.org].

That only helps if you're religious about changing it back and removing all traces each time you connect for a brief bit of time. Stay connected for a few months doing something that will get you a visit by police/fbi/cia, etc, and you're no better off if they visit while you're still connected, still using the "spoofed" IP address. If you've got a "spoofed MAC address" file on your desktop and they come looking, I'm pretty sure that if that MAC address matches the ones they have logs of, you're still toast

Is that this fool will be sucking some sausage sammich in prison before long. His lawyer may be able to plead out the pedo rap (honestly I just downloaded it from the internet so I could make my neighbor look bad) but I don't think they will ignore this in jail. Sucks to be him but that's what happens when you let your malice get the best of you.

I imagine it's too late to try to plead down the child porn charges. He apparently already had his chance, and could have avoided prison entirely, but the guy, for all the claims of being technically-savvy, seems pretty awe-inspiringly dumb. I see no evidence that the prosecutor offered a new plea bargain, though maybe the judge will look somewhat more kindly on this incredibly nasty guy for having spared the court any further trouble. He'll see jail time, and of a significant variety, and will probably

My neighbor on one side of me has an open WIFI connection (apparently) as the grandson of my other neighbor walks into my backyard to pickup the signal with his iPOD. Last night he was sitting in a plastic chair in the middle of my yard in six inches of snow and freezing cold out so he can acquire a connection and do whatever it is he is downloading/reading for hours at a time.

I have decided to stay out of the situation as my neighbor has the right to have a non-password protected access point if he desire

Ardolf faces a potential maximum penalty of 20 years in prison on the distribution of child pornography charge, ten years on the possession of child pornography charge, five years on both the unauthorized access to a computer and the threats to the Vice President charges, and a mandatory two-year minimum prison sentence on each count of aggravated identity theft.

Ardolf, they told police, had picked up their 4-year-old son and kissed him.

So let me see if I get this straight. The max penalty for child porn possession is 10 years, and picking up a 4 year old and kissing him (presumably without the parent's consent) isn't even in the charges? Given that child porn has been extended to include images of adults who are portrayed as children and that he had inappropriate contact with a real child, that seems out of whack to me. Distribution of child porn is easier for me to understand being in the same ball park as inappropriate contact, but possession? And not even including inappropriate contact in the charges?

Maybe there is a good reason in this specific case that the articles don't cover, but this seems like a solid red flag to analyze the laws and make sure they are coded properly. This sounds like a pretty serious bug to me.

I just got forwarded this link by an associate of mine. I was surprised to find out this made slashdot...
I was the "private investigator" that was hired to originally absolve the neighbor from sending the original emails which included the child porn to the lawfirm's partners. After seeing the pattern I thought I had a good chance to catch the hacker and the firm retained my services to go after him. The reasoning was that if we were to lock things down (remove the wireless and hardwire) that the person trying to get at the neighbor would find other avenues to get at him. We had a very reasonable honey pot that could produce honey sitting in front of us. I'm independent not working for any one other than my own company/myself or subcontracted for numerous firms around. I used a combination of wireshark and a few self custom written utilities to go after this guy. And no, these utilities are mine and are not for sale; sorry. I'm an engineer/analyst, security specialist, and developer with about 24 years of paid professional experience which really helps when you need to understand something then write a utility to provide it.
His wireless was installed by Qwest and used WEP as the base configuration (GASP). Whether or not this encryption should have been used or not, the sheer nature that there was some form of encryption did matter in the end. It is easy to hack WEP (and not too hard for WPA/WPA2 either...) but it is illegal to do so. This is one of the six charges he was charged with. From what I understand, if there was no encryption then it would have been a completely different case...
It took months of watching the traffic, sifting through gigabytes of PCAP logs, to find what I was looking for. Once I found the smoking gun it was provided back to the FBI that validated what I found then issued a search warrant to go after the guy. The fact was that a MAC address was impossible to use so the firewall log only showed that rogue connections were being made. A single IP address was also impossible to use since that IP address was being assigned by the neighbor's DHCP server (dsl router). The FBI and Secret Service were not involved with the initial technical search nor could they be due to federal laws.
Barry was a "certified ethical hacker" (CEH) which means that he knew the process and has been trained to run the proper utilities to hack. Not that this is mandatory, any kiddie can search on youtube to find out how to do this and just how easy it is. But he at least understood the concept of IP addressing. It turns out that he understood MAC addresses as well since he was changing his computer's NIC's MAC address on a regular basis.
I don't know exactly what was found on Barry's computers once the FBI took over or how much (if any) additional child porn was pulled. I do know he found the previous neighbors (from another city) SSNs, their tax returns, and also copies of the current threatening letters on his computers. The other neighbors around Barry's house were also broken into which made the argument of using a YAGI antennae an almost impossible feat due to the physical locations of the houses. All I know is that this guy had some serious issues and became "bitter" at the world that seemed to have started when his wife suddenly died about 10 years ago.
There was a LOT to this case and it wasn't a simple slam dunk. We had a mountain of evidence that was racked up over a period of time. Each piece was necessary to prove/disprove methods and ownership. The worst part was getting the information in a form that the jury would understand. I firmly believe that our federal prosecutor had a good understanding (and took the time to understand) the technology behind it and created a very easily understood case without losing the integrity of the technology.
Point is, no matter how good you think you are; there is always someone better (and the same goes for me as well). Stay white; it's just not worth it.... This guy is looking at a possible 44 years in fed. Barry was offered a plea of 2 y
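
A defender-side check related to the log review described in the comment above, added here as an example and not part of the thread or the investigator's own utilities: it audits a router's DHCP log for clients outside a known inventory and shows why a rotating MAC address alone identifies nobody, while other fields can still tie the leases together. The dnsmasq `DHCPACK` log format (dnsmasq is the DHCP server on DD-WRT), the sample log and the inventory are assumptions constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample in dnsmasq's DHCP log format. Every address and
# hostname below is made up for this example.
SAMPLE_LOG = """\
Feb 10 08:01:12 dnsmasq-dhcp[412]: DHCPACK(br0) 192.168.1.100 00:1b:63:aa:10:01 owner-laptop
Feb 10 08:03:40 dnsmasq-dhcp[412]: DHCPACK(br0) 192.168.1.101 00:23:12:bb:20:02 owner-phone
Feb 10 23:14:05 dnsmasq-dhcp[412]: DHCPACK(br0) 192.168.1.102 02:5e:10:00:00:a1 WORKSTATION7
Feb 11 23:40:51 dnsmasq-dhcp[412]: DHCPACK(br0) 192.168.1.102 06:11:9c:4d:e2:33 WORKSTATION7
Feb 12 08:02:30 dnsmasq-dhcp[412]: DHCPACK(br0) 192.168.1.100 00:1b:63:aa:10:01 owner-laptop
Feb 13 22:58:17 dnsmasq-dhcp[412]: DHCPACK(br0) 192.168.1.103 00:1c:bf:7a:90:0e WORKSTATION7
Feb 14 01:12:44 dnsmasq-dhcp[412]: DHCPACK(br0) 192.168.1.104 00:16:ea:33:44:55
"""

# Hypothetical inventory: the MAC addresses of the owner's own devices.
KNOWN_MACS = {"00:1B:63:AA:10:01", "00:23:12:bb:20:02"}

ACK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?DHCPACK\((?P<iface>[^)]+)\)\s"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s"
    r"(?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
    r"(?:\s(?P<host>\S+))?\s*$"          # the hostname is optional
)


def parse_leases(text):
    """Return one record per DHCPACK line; all other log lines are skipped."""
    leases = []
    for line in text.splitlines():
        m = ACK_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["mac"] = rec["mac"].lower()
            leases.append(rec)
    return leases


def is_locally_administered(mac):
    """Bit 0x02 of the first octet marks an address assigned in software.

    Phones with private-address features set this bit too, so treat it
    as a triage hint, not as proof of spoofing.
    """
    return bool(int(mac[:2], 16) & 0x02)


def audit(leases, known_macs):
    """Summarise leases handed to clients that are not in the inventory."""
    known = {m.lower() for m in known_macs}
    unknown = defaultdict(list)        # mac -> [(timestamp, ip), ...]
    macs_by_host = defaultdict(set)    # client-supplied hostname -> macs
    for rec in leases:
        if rec["mac"] not in known:
            unknown[rec["mac"]].append((rec["ts"], rec["ip"]))
        if rec["host"]:
            macs_by_host[rec["host"]].add(rec["mac"])
    return {
        "unknown": dict(unknown),
        "locally_administered": sorted(
            m for m in unknown if is_locally_administered(m)),
        # One hostname seen behind several MACs suggests a single client
        # rotating its address. The hostname is client-supplied as well,
        # so this is a lead to corroborate, not an identification.
        "rotating_hosts": {h: sorted(ms)
                           for h, ms in macs_by_host.items() if len(ms) > 1},
    }


if __name__ == "__main__":
    report = audit(parse_leases(SAMPLE_LOG), KNOWN_MACS)
    for mac, events in report["unknown"].items():
        print("unknown client", mac, events)
    print("locally administered:", report["locally_administered"])
    print("hostnames behind several MACs:", report["rotating_hosts"])
```
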

Likely all his computer equipment confiscated for evidence, some good ol' police questioning (think how bad you would be treated if the police know you were downloading child porn) and of course his local reputation tainted by association with the case.

Of course once forensics failed to find corroborating evidence on his PC that he did the crimes, they would have immediately gone into 'this is a frame up' mode, and he would have been questioned further in regards to who would have a motive to having him arr

I'm assuming a bit. He's going to get hauled in for questioning, his computer(s) forensically searched, and in general live under a cloud for at least a few weeks. My assumption is that the search found nothing, so the cops dug a little deeper. All they really need to do is sit there watching the WiFi router's registrations (pretty much every WiFi router I've seen released in the last decade shows DHCP and WiFi registrations), and then watch what the neighbor is up to. Still, the first assumption the co

The only thing I can think of is that the neighbor starts finding this suspicious stuff about them online. Calls the cops (or the cops call him) and then start pulling records off the wireless router. Like you said the MAC address should be recorded. They may have been able to subpoena (or not, thanks patriot act) the local ISP's and start pulling mac addresses from the neighborhood.

What I don't get is why so many folks let themselves uniquely be turned into raving lunatics about politics - especially given how important the issues are to them.

Because the law is fucking insane. For instance, we live in a country where it's considered an appropriate and measured response to throw someone in prison, and confiscate their home, for growing a plant that some people disapprove of. How do you deal with that rationally?

If you have a mission, and that mission is important - you need to focus. Turning explosive (figuratively, or literally when you mix in religion) might seem a good way to get attention on something that is overlooked - but if you pay any attention to how political events turn out, it rarely has a positive net effect.

The problem is, nothing really has a positive effect. It's been a steady slide down towards authoritarian corporatism for all of my 30 years in this country. Every last tiny shred of hope has been crushed out of me. There is no chance for change besides another American Revolution. Unfortunately, I don't see it coming in my lifetime. All I can do is keep my head down and try not to get caught up in the machine. If anything, I'm surprised we haven't seen more people flip out. The situation definitely calls for it.

Politics is Professional Deal Making, where the name of the game is getting your cut of the proceedings. Actual "fairness" is only used lately when it seems like a useful strategy, otherwise Big Money wins 1-0.

People get freaked about politics because it's a fuzzy judgement zone where the best sneak wins.

His threats against Biden had nothing to do with politics. Had it been McCain in office Palin would have gotten the death threat instead. It seems that he wanted revenge against his neighbors and was sane enough to understand that the local cops were worthless in matters of cyber crime and wanted to insure that semi-competent agents of the law got involved.

Obama (picking up the phone): Could I get some Secret Service in here. Someone let the Gimp out of his cage again... Yeah, that's right. Put him in the Cheney Room this time... no need to remove the rack and the car battery.

He's getting jail time for unauthorized access, he used software to overcome the security of the router. I would agree with the media that it is close enough to hacking. Now had he stumbled on his neighbors' (open) wifi while trying to connect to his own and gotten busted for child porn I would say the term hacking is a bit much.

First, you're dealing with a police that can, with 2 weeks training, find the "on" button on a computer. They see:
1. Hate mail to prez.
2. ISP says it's him.
3. cuff him, seize everything and his dog and have the geeks in the basement of the office sieve it.
4. interrogate him 'til he cracks.

They have no idea what WiFi is and that it can actually be used by someone who isn't you. The computer freaks at the ISP said it's your computer that sent it, so it's